International cybercrime treaty finalized

A committee on crimes for the Council of Europe signed off Friday on the final draft of a broad treaty that aims to help countries fight cybercrime, but which critics say sacrifices privacy protections.

When ratified by the council's leadership and signed by individual countries, the Convention on Cyber-Crime will bind countries to creating a minimum set of laws to deal with high-tech crimes, including unauthorized access to a network, data interference, computer-related fraud and forgery, child pornography, and digital copyright infringement.

The convention--which reached its 27th draft before being approved--also has provisions that will ensure surveillance powers for governments and bind nations to helping each other gather evidence and enforce laws.

However, the new international powers will come at the expense of protections for citizens against government abuse, said James X. Dempsey, deputy director of the tech-policy think tank Center for Democracy and Technology in Washington, D.C.

"The treaty's framers started in the wrong place," he said. "For the first nineteen drafts, they kept it essentially a law-enforcement treaty. Only in the end did the privacy issues get attention, and they never got the attention they deserved."

The Council of Europe--founded in 1949 and based in Strasbourg, France--groups together 43 European countries. If the Convention on Cyber-Crime is approved, the United States--along with others that have observer status within the Council (Japan, Canada, Mexico and the Vatican)--will be allowed to sign on.

The treaty "addresses an important problem: the difficulties law enforcement has in pursing criminals across national borders, something that is common in Internet crime," said Patricia Bellia, assistant professor at Notre Dame Law School.

Bellia, formerly an attorney with the U.S. Department of Justice and an expert in the jurisdictional problems in prosecuting Internet crimes, thought that the privacy problems with the treaty have been overstated.

"The convention is not designed to undermine privacy protection," she said. "It keeps existing privacy protections. For example, if the United States signed the treaty, it couldn't do anything to undermine the Fourth Amendment." The Fourth Amendment to the Constitution is generally cited in court cases as protecting U.S. citizens' right to privacy.

Several officials from the DOJ have been advising the European Committee on Crime Problems--the group that created the treaty--during the draft process. The DOJ itself did not respond immediately to requests for comment.

Although the United States has a foundation for defending privacy, the treaty will not force other countries--whose citizens may not enjoy constitutional privacy protections--to adopt laws to guard their citizens' privacy.

Last month, the European Committee on Crime Problems bowed to pressure from international rights groups and included some provisions in the treaty to limit surveillance to criminal investigations and added some safeguards to civil liberties.

But it's still not enough, Dempsey said.

"Unfortunately, it remains a fundamentally imbalanced document," he said. "While the privacy issues received somewhat more attention in the final stages of the process, the treaty does not have the specificity needed for meaningful privacy protection in the face of the increasing surveillance power of this new technology."

The final draft of the convention will be posted to the Council of Europe Web site June 29.